Thanks Gary and Rivailno! Your diagnosis was correct. I'm officially coining the term "swub." These "intelligent hubs" aren't actually switches and they're certainly not hubs... So they must be something in the middle, like "swubs".
The Linksys documentation for the "hub" in question had no info about how it actually functions. The "blazing fast" marketing shtick should have been a hint though - it's got to be doing <something> intelligent to gain more speed. I found the answer by going onto the Linksys "Live Chat" page - got confirmation that all of their auto-sensing "hubs" actually act more like switches. The support rep told me the following hubs "should" act more like a traditional hub: EW10HUB EW5HUB EWHUB For the time being we're going to try an old 3Com hub... May be up there in terms of MTBF (new single point of failure) but it should sort things out for us for the time being. THANKS for the assistance - when I actually know more about something "ntop" than any of you I'll certainly post solutions! Sincerely, Brett -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rivalino Matias Jr. Sent: Friday, March 30, 2007 9:27 AM To: ntop@unipi.it Subject: RES: [Ntop] What am I missing (other than a LOT of packets)? I agree with Gary, it looks like a smart hub (it does not do broadcast) of a unicast frame like true hubs (repeaters). Brett, you could validate your ntop setup trying to see the traffic using tcpdump, iptraf, etc. If you have two other hosts communication and you can't see with one of those tools, everything indicate that you have a switch, or a smart hub (w/o repeating) or you have a phisical problem (i.e. NIC). Good luck. Rivailno -----Mensagem original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nome de Gary Gatten Enviada em: quinta-feira, 29 de marco de 2007 15:37 Para: ntop@unipi.it Assunto: RE: [Ntop] What am I missing (other than a LOT of packets)? Looks like a switch to me. It's very rare - VERY rare - to have a dual speed hub/repeater. True hubs are typically single speed, 10 or 100, but not both. If it's truly a hub and you're still getting broadcast only traffic, try your dsl speed tests from the nTop host itself. If you see traffic in nTop for that host (unicast) but none others, you're either on a switch or your NIC is not promiscuous. G -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Younge Sent: Thursday, March 29, 2007 11:37 AM To: ntop@unipi.it Subject: [Ntop] What am I missing (other than a LOT of packets)? Hello all, I see the list is pretty active today... I'm new and looking for answers - please :) Our Ntop box is missing most of my traffic. It's getting mostly netbios, dhcp and other broadcasts... Plus the odd trickle of other information. Bandwidth stats never pass about 200 kbps but I know I've pushed over 3500 kbps today alone. We're running ntop pre-compiled snapshot for win-32 (3.2.6.). In terms of architecture, I've got the ntop box hanging off a hub (in promiscuous mode) between our LAN's gateway router and the firewall's internal interface. nTop SHOULD be seeing all traffic in and out of our LAN. We ran a series of test files from a host on the LAN - downloading "dsl speed tests," big emails, etc. I still only show 405 bytes sent (none received) for the host - only arp, netbios and some other udp traffic (looks like mostly broadcast traffic). Stats for the host also show 97% local and 3% remote traffic. The monitor pc (ntop) showed no appreciable up-tick in terms of CPU or network utilization during the tests. I've confirmed we're definiely using a hub (linksys 10/100 8-port - efah08w) although I'd swear these stats are from a switch. To configure ntop I'm doing "ntop /r" and the following to re-install the service: ntop /i -i 0 -p "HTTP=http|www|https|3128,AS400-svcs=telnet|login|515|8476|8471|449|1025 |847 0,Mail-In=995,Mail-Out=465,Mail-Other=pop-2|pop-3|pop3|kpop|smtp|imap|im ap2, NetBios=netbios-ns|netbios-dgm|netbios-ssn,FTP=ftp|ftp-data,DHCP-BOOTP=6 7-68 ,DNS=name|domain,RemoteDesk=3389,nTop-web=3000" What am I missing (other than a LOT of packets)? Thanks! Brett _______________________________________________ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
